Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Domain name scams: what identity teams need to watch for


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Domain name scams use fake invoices, renewal notices, appraisal requests, and transfer pressure to trick businesses into paying fraudsters or handing over control of a legitimate domain, according to DigiCert. The pattern matters because the attack succeeds by exploiting trust in domain identity, not just email hygiene.

NHIMG editorial — based on content published by DigiCert: Common Domain Name Scams and How to Avoid Them

By the numbers:

Questions worth separating out

Q: How should security teams verify domain renewal requests before paying them?

A: Teams should verify every domain renewal request by going directly to the registrar portal, checking the account status, and confirming the request with a known internal owner before any payment is approved.

Q: Why do domain name scams still work against well-run businesses?

A: They work because they exploit urgency, authority, and routine administration.

Q: What breaks when domain locking is not enabled on important domains?

A: Without domain locking, a fraudulent transfer request can become a real registrar change far too easily.

Practitioner guidance

  • Verify registrar requests out of band Require staff to confirm any renewal, transfer, or appraisal request by logging directly into the registrar account and checking the request status there.
  • Lock critical domains and protect registrar access Enable domain locking, enforce MFA on registrar accounts, and restrict who can approve domain changes.
  • Review WHOIS exposure and trademark coverage Check WHOIS records for accuracy, reduce unnecessary public exposure where possible, and register key related domains before attackers can use lookalike registrations to confuse customers or support fraud.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • Examples of the five scam types and the exact wording patterns used in fake notices
  • Step-by-step advice for checking renewal, transfer, and appraisal requests safely
  • Practical domain protection steps for businesses that manage multiple registrations
  • Additional context on DNS Made Easy and DigiCert's related DNS security services

👉 Read DigiCert's guide to common domain name scams and avoidance steps →

Domain name scams: what identity teams need to watch for?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Domain scams are a trust-layer identity problem, not a billing nuisance. The article shows that attackers win by impersonating registrars, not by breaking DNS or registrar infrastructure. That makes the real failure mode identity verification at the point of payment or transfer. Practitioners should treat domain administration as a governed access path, because the first control that fails is the one that decides whether a request is authentic.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity governance breaks down before an attacker even needs to escalate.

A question worth separating out:

Q: Who should own domain governance in an organisation?

A: Domain governance should sit with the teams that already manage identity, security, and business-critical digital assets, not only with marketing or procurement. The control points are account access, transfer approval, and payment verification, so ownership needs clear accountability. If no one is assigned to review registrar risk, domain fraud becomes an easy gap for attackers to exploit.

👉 Read our full editorial: Domain name scams expose the gap in digital identity controls



   
ReplyQuote
Share: